package com.zhang.eurekaclient.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * @author zhd
 * @date 2019/08/30
 *
 * 定义谁可以访问服务
 **/
@Configuration
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    /**
     * 所有访问规则都是通过传入方法的HttpSecurity对象配置的
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        //1、针对所有请求的规则
//        http.authorizeRequests().anyRequest().authenticated();

        //2、特定规则，antMatchers()允许开发人员限制对受保护的URL和HTTP GET动词的调用
        http.authorizeRequests()
                .antMatchers(HttpMethod.GET, "/hello")
                //hasRole()方法是一个允许访问的角色列表，该列表由逗号分隔
                .hasRole("ADMIN")
                //其他端点都需要已验证的用户来访问
                .anyRequest()
                .authenticated();
    }
}
